shadow-tls implementation

[VendettaReborn]

Motivation

The shadow-tls protocol may be one of safest protocol now? (I've used the shadow-tls-v3 for a long time, it's pretty stable)

Current implementation in other repos

• original rust: https://github.com/ihciah/shadow-tls (monoio as the runtime)
• clash go impl: https://github.com/MetaCubeX/Clash.Meta/blob/Alpha/transport/shadowtls/
• another rust version: https://github.com/hsqStephenZhang/shadow-tls-tokio-client

Status quo:

• in golang, the shadowtls client use the utls to hack the client hello packet
• in rust, since the TLS is rely on rustls, the monoio & tokio version of client both modify the rustls and change some code in the process of building client hello

what we need to do

1. fork a rustls & tokio-rustls, do some changes similar to shadow-tls-tokio-client
2. patch the Cargo.toml
3. add shadowtls's option in the shadowsocks's plugin
4. reuse the code of shadow-tls-tokio-client

I had fully implement this protocol in my local environment and had it fully tested, however, i don't know what's the best way to handle the dependency of the hacked rustls & tokio-rustls: should i maintain the code by myself, or should we create a organization, and move the forked repos(rust-tun, netstack-lwip .etc ) to it?

[ibigbug]

interesting. there's also discussions about this topic here refraction-networking/utls#103

[ibigbug]

handle the dependency of the hacked
clash-rs is under an org account - https://github.com/Watfaq

if you don't mind, you can put the forked repo under this org.

[VendettaReborn]

handle the dependency of the hacked
clash-rs is under an org account - https://github.com/Watfaq

if you don't mind, you can put the forked repo under this org.

Got it

[VendettaReborn]

interesting. there's also discussions about this topic here refraction-networking/utls#103

Yep, it's similar to the patch mentioned in this issue